Ask Your Question

Storing hostname + profile in a database

asked 2017-01-28 19:54:55 -0600

wfsaxton gravatar image

I currently have a customer with non-puppet configuration management system that applies a configuration based on values in a database. One of them directly aligns with a puppet "role" so I'm thinking of using it directly with the new puppet config system.

To utilize this database, would my best bet be to just use an ENC that just queries the database (either directly or via web service) and spits out:

 - role::$role

Where $role is the queried value?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2017-01-29 20:45:32 -0600

DarylW gravatar image

I have a set of facts that get information from tags on aws instances, and I use something similar to the following

node default {
  $my_role = $::tag_role
  if defined("roles::${my_role}") {
    # if $my_role == foo, then this means that the class role::foo exists in the classpath, so lets apply it
    include "roles::${my_role}"
  } else {
    #either $my_role wasn't defined, or it was defined for a role class that isn't on the classpath.
    notify{ "Unable to find role $my_role, applying base role":}
    include "roles::base"

If you have some means to get the value from the database (custom hiera backend that can hit your database like ), you can use that information to apply the appropriate role.

edit flag offensive delete link more


Not sure what this means. When is $::tag_role populated? Is that how to use a factor fact in site.pp or something? If so, that would require the client to access the database, populate he fact, then send it to the puppetserver right? I'd like for the puppet server to do it directly if possible.

wfsaxton gravatar imagewfsaxton ( 2017-01-29 21:24:39 -0600 )edit

What I'm doing here is populating $tag_role with a custom facter fact that reads the role tag's value into tag_role fact. You would do something similar (possibly with a hiera backend and a hiera lookup instead of a fact) to discover the role of the box. the 'default' node is what goes in nodes.pp

DarylW gravatar imageDarylW ( 2017-01-30 09:17:01 -0600 )edit

What it does (as I said in my comment) is check if the appropriate class is in the classpath, if it is, it applys it, if it isn't, it applys a base role (so you would get your hardening/users/connectivity) and puts out an informational message. If you wanted to inject a failure that allows it to ..

DarylW gravatar imageDarylW ( 2017-01-30 09:18:22 -0600 )edit

.. run, you could do something like add an `exec{"Unable to find role $my_role, applying base role": command => '/bin/false'}` that only gets called if the lookup fails. That way it registers as a 'failed' run (since the desired role was not found)

DarylW gravatar imageDarylW ( 2017-01-30 09:20:14 -0600 )edit

So I can configure hiera to first look @ a backend (database or REST web service or something) , populate variables, then use these variables within the nodes.pp file to select appropriate role.

wfsaxton gravatar imagewfsaxton ( 2017-01-30 13:15:29 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2017-01-28 19:54:55 -0600

Seen: 46 times

Last updated: Jan 29 '17